From e043b5aa8063aa3c34099db9fcabcf3b641065dd Mon Sep 17 00:00:00 2001
From: Olivier Leobal
Date: Thu, 11 Jun 2015 15:58:41 +0200
Subject: [PATCH] OS customization packaged as .deb Notably allows to upgrade more easily an existing system ; see the simple_cdd/deb_build/ folder.
---
simple-cdd/deb_build/Makefile | 64 ++++++++++++++++++++
simple-cdd/deb_build/debian-binary | 1 +
simple-cdd/deb_build/debian/debian-changelog | 14 +++++
simple-cdd/deb_build/debian/debian-control | 9 +++
simple-cdd/deb_build/debian/debian-postinst | 61 +++++++++++++++++++
simple-cdd/deb_build/debian/debian-postrm | 3 +
simple-cdd/deb_build/debian/debian-preinst | 3 +
simple-cdd/deb_build/master-files | 1 +
simple-cdd/deb_build/readme | 25 ++++++++
simple-cdd/myrc.local | 12 +++-
simple-cdd/profiles/trc6500.postinst | 50 +++------------
simple-cdd/profiles/trc6500.preseed | 6 ++
simple-cdd/readme | 15 ++++-
simple-cdd/simple-cdd.conf | 5 +-
14 files changed, 219 insertions(+), 50 deletions(-)
create mode 100644 simple-cdd/deb_build/Makefile
create mode 100644 simple-cdd/deb_build/debian-binary
create mode 100644 simple-cdd/deb_build/debian/debian-changelog
create mode 100644 simple-cdd/deb_build/debian/debian-control
create mode 100755 simple-cdd/deb_build/debian/debian-postinst
create mode 100755 simple-cdd/deb_build/debian/debian-postrm
create mode 100755 simple-cdd/deb_build/debian/debian-preinst
create mode 120000 simple-cdd/deb_build/master-files
create mode 100644 simple-cdd/deb_build/readme
diff --git a/simple-cdd/deb_build/Makefile b/simple-cdd/deb_build/Makefile
new file mode 100644
index 0000000..f2ed7bb
--- /dev/null
+++ b/simple-cdd/deb_build/Makefile
@@ -0,0 +1,64 @@
+# -*- Makefile -*-
+
+DIR = master-files/
+
+CONFIGDIR = debian/
+
+FILES = $(shell cd $(DIR); find etc/ -type f)
+
+TARGET = $(MODULE)_$(VERSION)_$(ARCH).deb
+
+OBJECTS = deb/DEBIAN/preinst \
+ deb/DEBIAN/postrm \
+ deb/DEBIAN/postinst \
+ deb/opt/trc6500/script
+
+SHELL=/bin/bash
+MODULE = trc6500-master-files
+ARCH = all
+
+.DEFAULT: all
+.PHONY: clean deb all
+
+VERSION = $(shell awk '/^$(MODULE)/ { gsub(/[()]/, ""); print $$2; exit }' debian/debian-changelog)
+
+
+all: $(TARGET) deb
+
+clean:
+ rm -rf deb $(OBJECTS) $(TARGETS)
+
+deb:
+ rm -rf deb
+ mkdir --parent deb/etc/webconfig/ deb/etc/default/ deb/DEBIAN
+
+deb/DEBIAN/preinst: debian/debian-preinst deb $(addprefix $(DIR)/, $(FILES)) $(MAKEFILE_LIST)
+ rm -f $@
+ cat $< > $@~
+ for f in $(FILES); do echo '[ -f "/'$$f'" ] && dpkg-divert --add /'$$f; done >>$@~
+ echo "exit 0" >>$@~
+ chmod +x $@~
+ mv $@~ $@
+
+deb/DEBIAN/postrm: debian/debian-postrm deb $(addprefix $(DIR)/, $(FILES)) $(MAKEFILE_LIST)
+ rm -f $@
+ cat $< > $@~
+ for f in $(FILES); do echo '[ -f "/'$$f'" ] && dpkg-divert --remove /'$$f; done >>$@~
+ echo "exit 0" >>$@~
+ chmod +x $@~
+ mv $@~ $@
+
+deb/DEBIAN/postinst: debian/debian-postinst deb
+ cp $< $@
+
+deb/opt/trc6500/script: ../additional_scripts deb
+ mkdir -p deb/opt/trc6500/script/
+ cp ../additional_scripts/* deb/opt/trc6500/script/
+
+$(TARGET): deb $(OBJECTS)
+ sed s/@@version@@/$(VERSION)/ debian/debian-control > deb/DEBIAN/control
+ mkdir -p deb/usr/share/doc/$(MODULE)
+ cp debian/debian-changelog deb/usr/share/doc/$(MODULE)/changelog
+ cp -r $(DIR)/* deb/
+ fakeroot dpkg --build deb
+ mv deb.deb $@
diff --git a/simple-cdd/deb_build/debian-binary b/simple-cdd/deb_build/debian-binary
new file mode 100644
index 0000000..cd5ac03
--- /dev/null
+++ b/simple-cdd/deb_build/debian-binary
@@ -0,0 +1 @@
+2.0
diff --git a/simple-cdd/deb_build/debian/debian-changelog b/simple-cdd/deb_build/debian/debian-changelog
new file mode 100644
index 0000000..72d5aea
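Review bot: In the `deb/DEBIAN/preinst` and `deb/DEBIAN/postrm` recipes of the new Makefile, the `for f in $(FILES)` loop writes every path found under `master-files/etc/` into a maintainer script that dpkg runs as root, and the `dpkg-divert` argument is emitted unquoted, so a file name containing whitespace or a character such as `;` becomes shell syntax at install time. Quote it the same way as the `[ -f ... ]` test, e.g. `echo '[ -f "/'$$f'" ] && dpkg-divert --add "/'$$f'"'`. The appended `exit 0` also reports success when a divert fails; adding `set -e` to `debian/debian-preinst` and `debian/debian-postrm` lets dpkg abort instead. Separately, `clean` removes `$(TARGETS)`, which is never defined (the variable is `TARGET`), so old `.deb` files stay in the directory; `rm -rf deb $(TARGET)` fixes that.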
--- /dev/null
+++ b/simple-cdd/deb_build/debian/debian-changelog
@@ -0,0 +1,14 @@
+trc6500-master-files (7.8.1-1) unstable; urgency=low
+
+ * .deb packaging
+
+ -- Olivier Leobal Wed, 10 Jun 2015 14:16:08 +0200
+
+trc6500-master-files (7.8.0-1) unstable; urgency=low
+
+ * initial release (#1337)
+ * added scripts from lgcore
+ * getswitchtemp fix
+ * inetd removal
+
+ -- Olivier Leobal Wed, 10 Jun 2015 12:46:08 +0200
diff --git a/simple-cdd/deb_build/debian/debian-control b/simple-cdd/deb_build/debian/debian-control
new file mode 100644
index 0000000..d8fef16
--- /dev/null
+++ b/simple-cdd/deb_build/debian/debian-control
@@ -0,0 +1,9 @@
+Section: TRC6500
+Priority: important
+Version: @@version@@
+Architecture: all
+Package: trc6500-master-files
+Maintainer: Olivier Léobal
+Description: files for the TRC6500's computing cluster's operating system
+ Contains mainly scripts and configuration files
+Homepage: http://www.thalesgroup.com/
diff --git a/simple-cdd/deb_build/debian/debian-postinst b/simple-cdd/deb_build/debian/debian-postinst
new file mode 100755
index 0000000..e26e741
--- /dev/null
+++ b/simple-cdd/deb_build/debian/debian-postinst
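Review bot: debian-control has no `Depends:` field, yet debian-postinst calls `make` and `update-initramfs` and sets `/usr/bin/pdmenu` as a login shell. On the fresh-install path those are presumably pulled in by the simple-cdd profile, but the upgrade-an-existing-system case named in the commit message gets no such guarantee. Listing them, e.g. `Depends: make, pdmenu, initramfs-tools`, lets dpkg refuse the install instead of leaving a half-run postinst.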
@@ -0,0 +1,61 @@
+#!/bin/bash
+
+# since equivs can't handle symlinks, here we are doing them by hand. As of writing this script (2015-05-29), there are 11 symlinks to take care of.
+
+# I don't know why things were that way before, but I'm told to set them that way again.
+echo 'Moving things around..'
+[ -d /home ] && mv /home /var/media/backup
+mkdir -p /var/media/backup/dump/{core,dump_delay_line,dump_track_base,log,prod,rec,trace}
+ln -s /var/media/backup/dump /dump
+ln -s /var/media/backup/home /home
+ln -s /var/media/backup/rec /rec
+ln -s /var/media/prod /var/media/backup/prod
+ln -s /etc/hosts.30MHzMDF /etc/hosts.30MHz
+ln -s /etc/hosts.8MHzMHF /etc/hosts.8MHz
+ln -s /usr/lib/syslinux/menu.c32 /opt/tftp/menu.c32
+ln -s /initrd.img /opt/tftp/initrd.img
+ln -s /vmlinuz /opt/tftp/vmlinuz
+ln -s /usr/lib/syslinux/pxelinux.0 /opt/tftp/pxelinux.0
+ln -s /usr/lib/syslinux/memdisk /opt/tftp/memdisk
+echo 'Things moved.'
+
+# now enable all the scripts and such..
+echo 'Enabling on-startup scripts..'
+update-rc.d waitswitches defaults
+update-rc.d waitswitches enable
+update-rc.d etherwake defaults
+update-rc.d etherwake enable
+update-rc.d ipmiwake defaults
+update-rc.d ipmiwake enable
+update-rc.d wakeonlan defaults
+update-rc.d wakeonlan enable
+update-rc.d waitslaves defaults
+update-rc.d shutdownallblades defaults
+update-rc.d checkudevrules enable
+update-rc.d checkudevrules defaults
+echo 'Scripts enabled.'
+
+# and these other things too
+echo 'Finalizing configuration..'
+chown webconfig /etc/webconfig/alias.csv /etc/dhcp/dhcpd.conf*
+cp /etc/dhcp/dhcpd.conf.blank /etc/dhcp/dhcpd.conf
+chsh -s /usr/bin/pdmenu trc6500
+
+# from that sync_master.sh script.. Apparently there from Git shenanigans.
+chmod go-rwx /root/.ssh/id_rsa
+chmod go-rwx /opt/cluster/slave/root/.ssh
+chmod go-rwx /opt/cluster/slave/root/.ssh/id_rsa
+chmod a+rwx /opt/tftp
+
+echo "">/var/log/atftpd.log
+chown nobody /var/log/atftpd.log
+
+update-initramfs -u
+
+cd /opt/cluster
+# now this file is locked away during install and replaced by a dummy. So we put a duplicate of this in a script executed on first boot after the install.
+# this is still here because it is planned we install/update this on established systems
+[ -f /sbin/start-stop-daemon.REAL ] || make all
+echo 'Finalized.'
+
+
diff --git a/simple-cdd/deb_build/debian/debian-postrm b/simple-cdd/deb_build/debian/debian-postrm
new file mode 100755
index 0000000..b97cb85
--- /dev/null
+++ b/simple-cdd/deb_build/debian/debian-postrm
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+# list of diverts
diff --git a/simple-cdd/deb_build/debian/debian-preinst b/simple-cdd/deb_build/debian/debian-preinst
new file mode 100755
index 0000000..7d1b6f3
--- /dev/null
+++ b/simple-cdd/deb_build/debian/debian-preinst
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+# list of diverts
diff --git a/simple-cdd/deb_build/master-files b/simple-cdd/deb_build/master-files
new file mode 120000
index 0000000..eeb5f92
--- /dev/null
+++ b/simple-cdd/deb_build/master-files
@@ -0,0 +1 @@
+../../master/
\ No newline at end of file
diff --git a/simple-cdd/deb_build/readme b/simple-cdd/deb_build/readme
new file mode 100644
index 0000000..1b2e764
--- /dev/null
+++ b/simple-cdd/deb_build/readme
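Review bot: `chmod a+rwx /opt/tftp` in debian-postinst makes the directory that holds `pxelinux.0`, `vmlinuz` and `initrd.img` writable by every local account, so any user on the master can replace what the slave blades boot over TFTP. If the daemon needs write access, give it to that account only, e.g. `chown nobody /opt/tftp && chmod 755 /opt/tftp` (assuming atftpd runs as `nobody`, as the `chown` on its log file suggests). The three `chmod go-rwx` lines suggest the private keys ship inside the package, which would leave them with their packaged mode until postinst reaches them and readable to anyone who obtains the .deb or the CD; generating them on the target, or at least fixing the mode in the build tree, closes that window. The script is also not re-runnable, because on an upgrade every `ln -s` fails on the existing link and `[ -d /home ]` follows the `/home` symlink left by the previous run. `ln -sfn` and a `[ -L /home ] ||` guard would cover the upgrade case the commit message describes.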
@@ -0,0 +1,25 @@ +This puts things and thongs together to get us a makeshift Debian package. Copied from the same in lgcore6500(git repo)/dev/services/webconfig. Use with caution. + + +** How to use + +edit things in /debian, notably the control file + +edit the Makefile to include the files you want to include (ie, here, the master-files directory which is simply the "master" folder in the debian6500 git repo, without the symlinks) + +pray "make" will do the job + + +** What files we need + +Everything in the debian/ folder, ie control, preinst, postinst and the like. +Obviously they are not required for a _debian_ package but for _ours_ they are + +the ../additional_scripts folder. Please, please don't trash it away. These scripts come from the lgcore6500 repository, that's why they're no symlinks like for the master-files thing. + + +** About versioning + +Let us say our package is version 7.8.1-1. This means it's the version 1 of the customization archive for Debian 7.8, hence 7.8.1. The -1 suffix is a package version, in theory it doesn't affect the contents, only how they're packaged. + +That's for version number. Remember also to list your changes in the debian-changelog in the debian/ folder ; it'll be useful to check the OS version on systems once it's installed. diff --git a/simple-cdd/myrc.local b/simple-cdd/myrc.local index 9c8d58d..c47d25d 100755 --- a/simple-cdd/myrc.local +++ b/simple-cdd/myrc.local @@ -5,7 +5,7 @@ # our own /etc/network/interfaces gets written over for some reason, lets put it back where it belongs echo '(trc6500 first boot) Replacing the /etc/network/interfaces file..' -logger '(trc6500 first boot) Replacing the /etc/network/interfaces file..' +logger -t 'trc6500 first boot' 'Replacing the /etc/network/interfaces file..' rm -f /etc/network/interfaces mv /etc/network/interfaces.original /etc/network/interfaces # interfaces.new was hopefully created during the install, after master.tar was unpacked 
@@ -13,9 +13,17 @@ mv /etc/network/interfaces.original /etc/network/interfaces echo '(trc6500 first boot) Done replacing interfaces file.' +# we generate the tarballs given to the slave blades here, since if we do it during install they might get "locked" versions of files +echo '(trc6500 first boot) Generating tarballs..' +logger -t 'trc6500 first boot' 'Generating tarballs..' +cd /opt/cluster +make all +echo '(trc6500 first boot) Done generating.' + + # now let's delete this script and replace it with the vanilla one echo '(trc6500 first boot) Replacing this script with original /etc/rc.local..' -logger '(trc6500 first boot) Replacing this script with original /etc/rc.local..' +logger -t 'trc6500 first boot' 'Replacing this script with original /etc/rc.local..' rm -f /etc/rc.local && mv /etc/rc.local.original /etc/rc.local echo '(trc6500 first boot) Done replacing' diff --git a/simple-cdd/profiles/trc6500.postinst b/simple-cdd/profiles/trc6500.postinst index c372714..4a808e8 100755 --- a/simple-cdd/profiles/trc6500.postinst +++ b/simple-cdd/profiles/trc6500.postinst @@ -3,6 +3,7 @@ # it operates from the point of view of the target computer, so / is the target's HDD and so on # importantly enough, this is actually followed-up after reboot by a custom /etc/rc.local file, which erases itself after running (so it only runs on first reboot) # the (abundant) feedback messages should not be visible, but they should appear on the installer's syslog. Also yes, I know writing "task finished" after something that might fail isn't the greatest thing. +# note that much of what used to be here was put in the postinst file for the deb package we unpack mount /dev/cdrom /media/cdrom 
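Review bot: In the myrc.local hunk `@@ -13,9 +13,17 @@`, the added `cd /opt/cluster` and `make all` are separate lines, so if the `cd` fails `make` still runs as root in whatever directory the boot script started in; `make -C /opt/cluster all` (or `cd /opt/cluster && make all`) avoids that. The exit status of `make` is not checked either, so 'Done generating.' is printed and the script goes on to replace `/etc/rc.local` even when the tarballs were not built. Logging a failure with the same `logger -t 'trc6500 first boot'` tag would make it visible after the one-shot script has deleted itself. The same unchecked `cd /opt/cluster` appears in debian-postinst.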
@@ -12,58 +13,20 @@ echo 'Installing additional package : firmware-bnx2..' dpkg -i /media/cdrom/simple-cdd/firmware-bnx2_0.36+wheezy.1_all.deb echo 'Additional packages installed.' +#debugging +echo 'force-confnew' > /etc/dpkg/dpkg.cfg.d/trc6500 + # now we unpack our master archive and replace all those conf files and scripts and things echo 'Unpacking master config files..' -tar xzf /media/cdrom/simple-cdd/master.tar.gz -C / +dpkg -i /media/cdrom/simple-cdd/trc6500-master-files* # version-proof chown root /etc/cron.d/getswitchtemp chown root /root/bin/get_switch_temperature echo 'Files unpacked.' -# I don't know why things were that way before, but I'm told to set them that way again. -echo 'Moving things around..' -mv /home /var/media/backup -mkdir -p /var/media/backup/dump/{core,dump_delay_line,dump_track_base,log,prod,rec,trace} -ln -s /var/media/backup/home /home -echo 'Things moved.' - echo 'Adding TRC6500 public key to keyring..' cat /media/cdrom/simple-cdd/TRC6500.pub | apt-key add - echo 'Key added.' -# now enable all the scripts and such.. -echo 'Enabling on-startup scripts..' -update-rc.d waitswitches defaults -update-rc.d waitswitches enable -update-rc.d etherwake defaults -update-rc.d etherwake enable -update-rc.d ipmiwake defaults -update-rc.d ipmiwake enable -update-rc.d wakeonlan defaults -update-rc.d wakeonlan enable -update-rc.d waitslaves defaults -update-rc.d shutdownallblades defaults -update-rc.d checkudevrules enable -update-rc.d checkudevrules defaults -echo 'Scripts enabled.' - -# and these other things too -echo 'Finalizing configuration..' -chown webconfig /etc/webconfig/alias.csv /etc/dhcp/dhcpd.conf* -cp /etc/dhcp/dhcpd.conf.blank /etc/dhcp/dhcpd.conf -chsh -s /usr/bin/pdmenu trc6500 - -# from that sync_master.sh script.. Apparently there from Git shenanigans. 
-chmod go-rwx /root/.ssh/id_rsa -chmod go-rwx /opt/cluster/slave/root/.ssh -chmod go-rwx /opt/cluster/slave/root/.ssh/id_rsa -chmod a+rwx /opt/tftp - -echo "">/var/log/atftpd.log -chown nobody /var/log/atftpd.log - -update-initramfs -u -echo 'Finalized.' - # our interfaces file gets written over for some reason, we'll copy it and restore it on first boot # note : after install, we'll be executing our own rc.local on first boot echo 'Placing first-boot script (/etc/rc.local)..' @@ -74,6 +37,7 @@ echo 'Script copied.' echo 'Deleting simple-cdd files on disk..' rm -r /usr/local/simple-cdd -echo 'Script deleted' +rm -r /etc/dpkg/dpkg.cfg.d/trc6500 +echo 'Files deleted' umount /media/cdrom diff --git a/simple-cdd/profiles/trc6500.preseed b/simple-cdd/profiles/trc6500.preseed index 4901ece..7e06ae2 100644 --- a/simple-cdd/profiles/trc6500.preseed +++ b/simple-cdd/profiles/trc6500.preseed @@ -44,6 +44,10 @@ passwd passwd/user-password-again password thales # - sda3 /var/media/backup (remaining) ext4 # Note that it will fail if you have less than 31 gigabytes it can use, obviously. +# Oh yeah and also it DOES NOT FORMAT if it finds something suitable +# ie, if you're reinstalling over something similar, better format it BEFORE using this +# really sorry about it, but I couldn't find a way around that + d-i partman-auto/disk string /dev/sda d-i partman-auto/method string regular @@ -69,6 +73,7 @@ d-i partman-partitioning/confirm_write_new_label boolean true d-i partman/choose_partition select finish d-i partman/confirm boolean true d-i partman/confirm_nooverwrite boolean true +d-i partman/mount_style select traditional # GRUB configuration @@ -83,3 +88,4 @@ iptables-persistent iptables-persistent/autosave_v4 boolean false # APT configuration d-i apt-setup/use_mirror boolean false popularity-contest popularity-contest/participate boolean false + diff --git a/simple-cdd/readme b/simple-cdd/readme index 0b8bec0..cd58b5c 100644 --- a/simple-cdd/readme +++ b/simple-cdd/readme 
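Review bot: Writing `force-confnew` to `/etc/dpkg/dpkg.cfg.d/trc6500` in trc6500.postinst (hunk `@@ -12,58 +13,20 @@`, marked `#debugging`) changes dpkg's behaviour for the whole system until the `rm -r` added in hunk `@@ -74,6 +37,7 @@` runs. If the install is interrupted before that point, the file stays and every later package operation silently overwrites locally modified conffiles. Passing the option on the one command that needs it avoids the file entirely: `dpkg --force-confnew -i /media/cdrom/simple-cdd/trc6500-master-files*`. The glob also hands dpkg every matching file if more than one version ended up on the CD, and the exit status of `dpkg -i` is not checked before 'Files unpacked.' is printed.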
@@ -2,6 +2,7 @@ This uses the simple-cdd package (available on the official Debian repository) to create a custom install CD for the master blade of the TRC6500 system's computing cluster. A number of components are installed automatically (either during install or on first boot) ; the CD also includes useful files for subsequent configuration. + ** What the built CD includes - a selection of useful/required packages 
@@ -11,18 +12,18 @@ This uses the simple-cdd package (available on the official Debian repository) t This CD does NOT create an usable operating system. All included systems should be reviewed, but particularly the network configuration (/etc/hosts, DHCP config, TFTP config..), which is partly automated thanks to scripts provided by the TRC6500 exploitation software, which is NOT bundled with this CD. + ** What files we'll be using - simple-cdd.conf (name is clear enough) should be passed to the build-simple-cdd program - the entire profiles/ directory is used by build-simple-cdd - myrc.local is the script executed on first boot - the local_packages/ directory contains packages not available on the regular repository, or more recent versions of packages available there. -- the additional_scripts/ directory contains useful scripts to be included in the master.tar.gz archive, in the /opt/trc6500/script/ folder. -- master.tar.gz is an archive of the "master" directory on the debian6500 repository, unpacked during install (NOT PROVIDED) +- the additional_scripts/ directory contains useful scripts included in the trc6500-master-files deb archive, in the /opt/trc6500/script/ folder. +- the deb_build/ folder contains the necessary stuff to build the trc6500-master-files deb package which contains a collection of scripts, config files and config instructions - TRC6500.pub is a GPG public key added to the OS's keyring during install, corresponding to a makeshift Debian repo from T. Pérennou - splash-thales.png is a 640*480 image used for the splashscreen -The files marked (NOT PROVIDED) were not included. It's up to you to put them together. ** How build-simple-cdd works 
@@ -38,6 +39,14 @@ Additional files are included with the all_extras="," option in our You should look into the provided simple-cdd.conf file ! It is tailored to a quite specific use case, and making your own should be easy enough since the simple-cdd package contains a detailed config file. + +** Building the trc6500-master-files deb packages + +This package has been put together in replacement of an earlier tarball ; the main benefit to using a deb being easier upgrade of existing systems. + +Check out the deb_build/ folder to learn more ; most of it is done by the Makefile. + + ** Regarding install vectors To set up a bootable USB key : diff --git a/simple-cdd/simple-cdd.conf b/simple-cdd/simple-cdd.conf index fa330a7..ae6faff 100644 --- a/simple-cdd/simple-cdd.conf +++ b/simple-cdd/simple-cdd.conf @@ -20,9 +20,10 @@ mirror_tools="wget" local_packages="${working_dir}/local_packages" # we'll unpack that during install -# for now, this includes : master.tar, myrc.local, TRC6500.pub, local_packages/firmware-bnx2 +# for now, this includes : myrc.local, TRC6500.pub, local_packages/firmware-bnx2, and the deb package with all the master files # additionally, the bnx2 firmware is there because it resists being added to local_packages for some odd reason. So we'll install it by hand. -all_extras="${working_dir}/master.tar.gz,${working_dir}/myrc.local,${working_dir}/TRC6500.pub,${working_dir}/local_packages/firmware-bnx2_0.36+wheezy.1_all.deb" +#all_extras="${working_dir}/master.tar.gz,${working_dir}/myrc.local,${working_dir}/TRC6500.pub,${working_dir}/local_packages/firmware-bnx2_0.36+wheezy.1_all.deb" +all_extras="${working_dir}/myrc.local,${working_dir}/TRC6500.pub,${working_dir}/local_packages/firmware-bnx2_0.36+wheezy.1_all.deb, ${working_dir}/deb_build/trc6500-master-files*.deb" # added value export SPLASHPNG="${working_dir}/splash-thales.png" -- 2.30.2
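Review bot: The new `all_extras` entry in simple-cdd.conf is written as `, ${working_dir}/deb_build/trc6500-master-files*.deb`, with a space after the comma and a `*` inside a double-quoted string. Whether simple-cdd trims the space and expands the glob is not visible here, so it is worth confirming that the package actually lands on the image. If the glob is expanded, every `.deb` left in `deb_build/` is copied and the installer's `dpkg -i ...trc6500-master-files*` installs whichever versions it finds, so build from a clean directory or name the version explicitly. The old `all_extras` line kept as a comment can be dropped, since the history already records it.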